Bitcoin Extortion Group DD4BC Now Targeting Financial Services

An anonymous reader writes: Akamai is detailing the activities of DD4BC, a cyber-extortionist group that has launched distributed denial-of-service (DDoS) attacks against numerous organizations and demanded Bitcoin payments to stop the attacks. The group is sending ransom emails requiring payments of 25 to 100 Bitcoin, which is about $6,000 — $24,000 (€5,350 — €21,400). Social media shaming is also part of the deal, threatening to expose the DDOS on Twitter if payment is not made.

Do not negotiate with criminals

[TheDarkMaster]

Simply find them and kill them with extreme brutality.

Re:Do not negotiate with criminals

Thanks for the advice, isis.

Re:Do not negotiate with criminals

[circletimessquare]

if justice is more brutal than the crime, then it is not justice

all punishments for all crimes must be less sever than the crime in question

or society itself generates brutality and crime

chopping off hands for theft in sharia law, caning for vandalism in singapore, or locking a guy up for years for smoking pot in the USA: none are not justice

and you, and people who think like you, asking for death for petty extortion, you are worse criminals than the crime you hate

Re:Do not negotiate with criminals

Nonsense. Ensuring that crime is more profitable than the punishment is some type of misconfigured claptrap you dreamed up. Even my liberal diehards don't spout this type of tripe. Of course if you think the FBI and Interpol don't have a pretty good idea who DD4BC is, you are even more naïve than your whining indicates.
They will be punished when the time comes, meanwhile they are fulfilling a much broader purpose, which is mostly keeping the serfs singing songs,

Re:Do not negotiate with criminals

[circletimessquare]

yes, absolutely

because if the punishment is worse than the crime than society itself is the source of crime

in general, we take cues from our culture and our society about how to treat each other. brutality is answered with brutality. a society with brutal punishments is a miserable place where people treat each other excessively harshly for stupid shit: that becomes the norm. should it be?

the idea of justice is not punitive revenge. that creates a violent feedback loop. you want to dampen that feedback, not amplify it

this applies to everything: bad behavior in the office, getting pulled over for a traffic infraction, how to deal with mscreants in the school system

a society that has punishments that are too harsh simply reaps more brutal crimes

yes there are "tough on crime" assholes everywhere. such douchebags must never prevail and set policy. they only create that which they dislike. they are the source of crime themselves by teaching everyone you should be excessive and ridiculously forceful in your response to sleights. they are brutal cruel shitbags and they set the tone. they should be ignored, or caught in their excessive cruelty and punished themselves. sadism is not justice

Re:Do not negotiate with criminals

[circletimessquare]

if the punishment is worse than the crime than society itself is the source of crime

sadism is not justice

in general, we take cues from our culture and our society about how to treat each other. brutality is answered with brutality. a society with brutal punishments is a miserable place where people treat each other excessively harshly for stupid shit: that becomes the norm. should it be?

the idea of justice is not punitive revenge. that creates a violent feedback loop. you want to dampen that feedback, not amplify it

this applies to everything: bad behavior in the office, getting pulled over for a traffic infraction, how to deal with mscreants in the school system

a society that has punishments that are too harsh simply reaps more brutal crimes

yes there are "tough on crime" assholes everywhere. such douchebags must never prevail and set policy. they only create that which they dislike. they are the source of crime themselves by teaching everyone you should be excessive and ridiculously forceful in your response to sleights. brutal cruel shitbags cannot set the tone. they should be ignored, or caught in their excessive cruelty and punished themselves

Re:Do not negotiate with criminals

[circletimessquare]

why is wrath one of the seven deadly sins?

https://en.wikipedia.org/wiki/...

i'm not asking if you're catholic, i'm asking you why wrath is classified as such a terrible thing

think about yourself. easy petty cruel judgment is not a good thing. it is in fact one of the most destructive things, on a societal level and a personal level. for instance you've just given me insight about how you treat yourself if you do something minor and wrong by accident, how you treat yourself. i pity you, i wouldn't want to be you

i said justice must be less harsh than the crime, i didn't say justice shouldn't exist

and if you propose punishment worse than the crime, congratulations: you're a criminal

seriously

some guy steps on my shoe. so i knife him. that's what you think justice is. it's not. that's the kind of society you want. you're not going to get it

Re:Do not negotiate with criminals

[hackwrench]

What makes you think that criminal tendencies can't be cured. Of course it would have helped determine one way or the other if they actually tried.

Re:Do not negotiate with criminals

[TheDarkMaster]

Keep in mind that I have to live in a country where criminal behavior is the default (yep, a shitty place) and people like me are called suckers for insisting on respect the laws. Here they have no shame of committing crimes, that's why the need for harsh punishments.

Re:Do not negotiate with criminals

[TheDarkMaster]

In your country? Maybe. In my country? Many criminals here are nothing but stupid animals, incapable of live in a community.

Re:Do not negotiate with criminals

[TheDarkMaster]

Giving you some context. The punishment must be greater than the crime, otherwise criminals will find it worth committing the crime. But that does not mean of course that the punishment should not be proportional to the size of the crime. But when your criminals are barbaric animals like here, only extreme punishments work, they just do not understand nothing less than heavy beatings or death.

Re:Do not negotiate with criminals

[Archangel+Michael]

There is a difference between extreme justice and sadism.

Part of the lure of many crimes is that of a risk/reward analysis that says, "no big deal, if I get caught I'll only do _________"

A state that enjoys punishing criminals is criminal. A state that reluctantly executes a harsh judgement isn't sadistic. In fact, I would dare say, that if too lenient, letting criminals run free, is itself equal to those that are too extreme in punishment.

When criminals perpetrate violent crime after violent crime, in a capture, punish, release cycle, the system itself is proven broken, proving there isn't enough deterrence in the system.

And no, The penal system isn't for "rehabilitation", it is for punishment. Rehabilitation should only be extended to those that actually want it.

Re:Do not negotiate with criminals

[circletimessquare]

likewise, i said the punishment must be less harsh than the crime. i didn't say criminals should get off relatively easily. i won't misunderstand your comment if you don't misunderstand mine

Re:Do not negotiate with criminals

[circletimessquare]

i don't know where you live, but you're not contradicting my point

criminals should receive punishments less harsh than their crimes. they shouldn't get off with light punishment. they shouldn't get off with no punishment

Re:Do not negotiate with criminals

[circletimessquare]

how do you feel after watching this:

https://www.youtube.com/watch?...

you don't perform justice when you become the same as the criminal

in many cases, it's what they want. validation for their own acts that you commit them as well. even if it's not what they want, you've validated them anyways

getting knifed for stepping on someone's shoe. execution on the street for taking a purse. keying a car because you don't like how someone parked: this is all "justice" worse than the crime. with your words you are basically endorsing crime. punishment worse than the crime is a crime itself. escalation is not justice

in fact, you just set yourself on the same journey that the criminal is on. from your words, in my eyes you are a criminal. or you are easily molded by your personal weakness, wrath, into becoming one

you don't defeat your enemy by becoming him

punishment must, as a rule, be less harsh than the crime. i didn't say they should get off lightly. i didn't say they should get off unpunished

But when your criminals are barbaric animals like here, only extreme punishments work

there's a word for someone who thinks like you: a barbaric animal

you are what you hate

Re:Do not negotiate with criminals

[circletimessquare]

so don't read my comments. this isn't a fucking doctoral dissertation, it's a comment board. adjust your expectations

to me it's a sign of a brittle mind, to be so bothered by punctuation. it is of benefit to me and everyone else therefore to weed people like you out of the discussion

I am perfectly capable of standard punctuation. But nowadays I do all lowercase on purpose. Exactly because of comments like yours.

good riddance

Re:Do not negotiate with criminals

[TheDarkMaster]

Well well... Is very, very easy to say what you say in the security of a proper civilized city my friend... Try to live in an uncivilized city like São Paulo or Rio de Janeiro for a few years to see how your "rosy" view of the world will change quickly... As we say here to idiots like you, "Se acha que eles são coitadinhos então leve eles para a sua casa".

Re:Do not negotiate with criminals

[Stan92057]

or locking a guy up for years for smoking pot in the USA

citation please

Re:Do not negotiate with criminals

[david_thornley]

Crime tends to be destructive. If a criminal kills me, and spends the rest of his life in prison, then his consequences are less dire than mine, but it's a whole lot worse for the criminal than refraining from killing me would have been. It's hard to see how that murder would be a positive expectancy for anybody (particularly not me).

The punishment has to be worse than the crime from the criminal's point of view. It doesn't have to be from any other point of view.

Re:Do not negotiate with criminals

[circletimessquare]

why does a thief steal? they see it as justice for how badly they have been treated. why does a rapist rape? they think women treat them badly and they deserve it

they see it as justice

isn't that interesting? sound familiar?

"justice" taken too far is pretty much exactly the same as crime. you have a right to hit someone with your car who is pointing a gun at you. that's justice. you don't have a right to hit someone with your car who insulted your mother. that's crime. but in the eyes of the idiot behind the wheel of the car, it's "justice," it's "fair"

justice is in the eye of the beholder, and if the person thinks overreaction is justice, you have crime instead, and the feeding of more wrath and more crime. a feedback loop, amplification. a society full of people who see brutal overreaction as justice and normal, they reap what they sow: more brutality

so maybe rio and sao paulo are so corrupt and crime ridden *exactly* because it is full of so many assholes who think like you

you're the source of what you hate, your attitude. enough of people like you, and you create it

congratulations on your "success"

Re:Do not negotiate with criminals

[circletimessquare]

you don't need to cite commonly known facts of a topic. if you are unaware of how common extreme punishment for minor drug crimes is, you're only announcing how out of touch you are on the subject

google "years in jail marijuana possession"

http://www.huffingtonpost.com/...

http://www.salon.com/2012/10/2...

http://www.forbes.com/sites/ja...

http://www.rense.com/general61...

https://www.aclu.org/marijuana...

american drug laws are stupid, pointless, and insane, and have achieved zero effect. it's easy as ever to get pot

a society that prescribes brutal punishment for various minor crimes does nothing but announce its brutality. it has no effect on the crime in question

http://www.drugpolicy.org/drug...

it is important to cite interesting and novel facts. it is not important to cite commonly understood and well-established facts. the stupidity and insanity of american drug laws is well-established. we're just waiting for enough nancy reagan era morons to die the fuck off so we can build a sensible drug policy: legalization of non-addictive drugs, treatment for addicts, inducements for dealers of addictive drugs to come clean. destroy the mafias by draining their income. drain their income by incentivizing healthcare for addicts and legalizing nonaddictive substances

look to portugal

Re:Do not negotiate with criminals

[TheDarkMaster]

As i already said before... If you think they deserve your compassion, then take them to your home.

Re:Do not negotiate with criminals

[circletimessquare]

i said the punishment must be less harsh than the crime. i didn't say criminals should get off easily. i didn't say they should get off free

are you retarded? you can't understand the simple meaning, what i actually said, and have to substitute another meaning that no one said?

Re:Do not negotiate with criminals

[TheDarkMaster]

Uhh... Sorry, the retarded here is you and only you. Otherwise you would have understood from the beginning what kind of crimes I consider that must be heavily punished, or in your way of black-and-white thinking you even thought I'd be advocating death penalty for minor things like traffic violations and similar infractions?

Re:Do not negotiate with criminals

[circletimessquare]

no crime, not a single one, should be punished more heavily than the crime itself

which is what i said

which you do not understand

if you want to have conversations with imaginary positions that only exist in your head, you don't need the internet for that

Re:Do not negotiate with criminals

[murkwood7]

intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

As you advocate committing crimes, I can see where you're coming from....

The laws concerning marijuana in much of the US are still morally reprehensible, encouraging people to break those laws is worse than the crime(s) of breaking those laws.

The "society" where laws are ignored will end up being, arguably, just as bad if not worse than the brutal society where people are punished "too harshly" for breaking laws.

Re:Do not negotiate with criminals

[murkwood7]

likewise, i said the punishment must be less harsh than the crime. i didn't say criminals should get off relatively easily.

Yes, you did.

Re:Do not negotiate with criminals

[tehcyder]

Yea....I'm sure you will say that if some scumbag break into your home one night and brutally robs and beats you up to within an inch of your life, trashes your home, kills or injures loved ones that may be there with you at the time.... You will want his freakin' head on a platter and so would I.

That is why we have a legal system. Otherwise, even minor arguments will end up in murder.

Re:Do not negotiate with criminals

[Lotharus]

You're not fucking ee cummings.

Are you certain? Some people are really into dead poets...

This is news for nerds?

[msauve]

So, extortion, but with Bitcoin. meh.

Re:This is news for nerds?

[Godwin+O'Hitler]

Nerd check:

[x] DDOS
[x] Bitcoin
[x] Twitter

Bingo!

Re:Shame?

[Chrisq]

in exposure about being attacked by a bunch of dipshits?

I expect the threat is that if it succeeds they can say "we can bring down the Acme Bank online banking site whenever we want", probably with false implications that customers money is not safe, etc. Certainly the best option is to defend and say "do your worst". There are some sites that are almost continually under attack by enemies of freedom of speech, and they manage to keep going.

The best strategy is to ignore them

[timholman]

Publishing this story is doing no favors to anyone. As many others have pointed out in the past, if your company receives one of these emails, the best strategy is to ignore it.

These extortionists will send emails to hundreds or thousands of different companies, but they can't DDOS all of them at once. Furthermore, they have no idea if their emails even make it past the spam filters of their targets. So how do they decide who to DDOS? By seeing who responds to the blackmail message. Once you respond, and they know you are listening to them, you are now in their sights - not just this time, but the next time they decide to shake you down.

Ignore them. If they DDOS you, deal with it, but never acknowledge their demands. They can never be certain that you are receiving their emails, and if you never respond to them, eventually they'll move on to someone else.

Re:The best strategy is to ignore them

[circletimessquare]

ignoring works for certain topics: copycat suicides, or mass killers. people who actively seek fame or people who are swayed by the news

but the topic here is extortion. it's not impressive, it's not something people will copy, and it actually helps the extortionist to keep it quiet: isolate the victim

it's just notification of a crime occurring

What's the point of "shaming"?

[cdrudge]

Social media shaming is also part of the deal, threatening to expose the DDOS on Twitter if payment is not made.

What would be the point of this? "We're going to shame you to show that we're trying to extort you and you're not giving in." Is this suppose to cause peer pressure to force the financial institutions to settle? Or to garner sympathy for the attackers?

Re:What's the point of "shaming"?

[timholman]

What would be the point of this? "We're going to shame you to show that we're trying to extort you and you're not giving in." Is this suppose to cause peer pressure to force the financial institutions to settle? Or to garner sympathy for the attackers?

It's not logical because you're not dealing with mature people. Keep in mind that these guys are almost certainly a group of young, socially maladjusted individuals. To a professional criminal, 50 BTC is chump change, but to a group of kids who want BTC to buy drugs without Mom and Dad finding out, it's a lot of cash.

To a kid who grew up on social media, social shaming of your victim might seem an extremely potent weapon, just like school bullying. The rest of us will just scratch our heads and shrug our shoulders.

Re:What's the point of "shaming"?

[jaseuk]

I disagree with your analysis. It's all about knowing the level below which people might pay without involving the authorities. 50 BTC is at the point that pretty much any business might find it in their interests to pay, rather than involving the authorities, expensive IT consultants or down-time. I've been holiday mugged twice - both times the attacker deliberately demanded such an insignificant amount that I never bothered reporting it or fighting it.

Jason

Re:What's the point of "shaming"?

[Penguinisto]

Depends on the IT department and its relationship with the ISP, really. 50 BTC? Meh - it'd take less than a handful of hours to blackhole a DDoS successfully, or at least dampen it to the point of ineffectiveness... it'd cost way less than that in the network engineer's time, even if the exchange rate were $3 per. At worst, there's no shame at all in telling the world: "Some stupid script kiddies tried to crapflood our site, but we shut them down in short order" (well, translated to marketese, anyway).

Up the stakes - odds are perfect that they're probably renting botnet time (you'd have to if you want an even halfway effective DDoS attack), so let's see how much it'll cost the kiddies before they realize that it's getting too expensive and the results aren't really worth it. At a previous employer, we saw something similar (minus the threats), and it only ate maybe 6 hours of time spread over 3 different days, with a noticeable slowdown in site performance for about 30-45 minutes each time, but that was the worst of it. Not even worth bothering over, ransom-wise.

Overall though, it's easier to just spam-file and ignore the threats (most of which would likely be bluffs anyway), or at most you tell the little chump to fuck off. If you have Akamai or a similar caching service, you can maybe call 'em out on your website and dare them to do their worst. *shrug*

Misleading title

[jmd]

Why is this a Bitcoin extortion group? Should it not read: Extortion Group DD4BC uses Bitcoin for extortion payment system?

Re:Misleading title

[TeknoHog]

Agreed. The title would only make sense if we similarly used "Dollar extortion group" or "Euro extortion group". Although that's probably redundant, because debt-based currencies have a kind of built-in extortion anyway.

DDoS solutions?

[iTrawl]

Has anybody suggested any kind of solution to these DDoS attacks that the structure of the Internet allows? Current approach seems to accept DDoS as a fact of life and moan when it happens, with the only solution to the problem being to wait it out. When the Internet can gang up on pretty much any other participant (even Google, given enough bots) somebody should at least fire a few shots in the dark in an attempt to find solutions, but I haven't encountered anything on this yet.

Re:DDoS solutions?

[radish]

There are configuration based approaches which work for some specific classes of attack. For the more general case the only thing you can really do is increase your downstream capacity, either by actually having fatter pipes into your DC and the requisite routers/firewalls/proxies to handle the load, or by making use of an upstream filter like cloudflare. Or both :)

Re:DDoS solutions?

[Pinky's+Brain]

Make a new internet, this time demanding best practices from anyone linked. Don't have best practices on egress filtering and for responding to reports of source addresses participating in a DDOS? You're delinked. Don't delink servers usable for known amplification attacks? You're delinked.

Problem solved.

Re:DDoS solutions?

[fisted]

The internet is a communication medium. Its "structure" allows to send messages. No, there is nothing we can do about a lot of people sending messages. And i don't suppose we want.

only got to 400Mbs

[rapiddescent]

These clowns did a DDoS on the financial co where I work. They managed to get to about 400Mbs (although they claimed 15Gbps) and never came back. The good thing that came out of it was that we realised our Arbor DDoS wasn't configured right on one of the nodes so that's fixed up now. Our sensors picked it up straight away, the Security Operations Centre reacted in the first few minutes and so most staff/customers/partners didn't even realise.

Their MOO was to try and find email addresses in linkedin/online for various random members of staff at the company and sent out the demand letters a few hours in advance - except we're worldwide and so by the time the letters were centrally understood, it was already pretty much too late.

If nobody notices...

[Martin+Spamer]

If nobody notices a DDOS attack did it really happen?

if I was head of Blankety Bank...

[swschrad]

and the weasels started DDOSsing me, I'd say, go ahead and put it on Twitter. we can then go to Federal court and find out who owns the account, and send a bill collector over. one of those effective bill collectors from a Jersey "social club." one of those guys who knows how to work concrete.